Stories by Lucian Constantin

IT manager gets certificate for Microsoft domain, tries to report it but gets in trouble

After a security enthusiast discovered a loophole that allowed him to register a valid SSL certificate for Microsoft's live.fi domain, he tried to responsibly disclose the issue. But instead of thanks he got locked out of his email, phone, Xbox and online storage accounts.

EMET security tool updated to prevent VBScript God Mode attacks

Microsoft updated its Enhanced Mitigation Experience Toolkit (EMET), a free exploit prevention tool, to protect against attacks that attempt to bypass Internet Explorer's sandbox using VBScript.

Microsoft blacklists fraudulently issued SSL certificate

Microsoft released an update to blacklist an SSL certificate for one of its domain names that was issued to an unauthorized third party.

Yahoo's new on-demand password system is no replacement for two-factor authentication

In an effort to simplify authentication for its services, Yahoo has introduced a new mechanism that allows users to log in with temporary passwords that are sent to their mobile phones.

Don't trust other people's USB flash drives, they could fry your laptop

Have you ever heard stories about malicious USB thumb drives frying laptops and thought they were far-fetched? An electronics engineer heard them too, and then set out to create a prototype.

New ransomware program targets gamers

A new malware program attempts to extort money from gamers by encrypting game saves and other user-generated files for popular computer games.

Over a million WordPress websites at risk because of flaw in popular SEO plug-in

Over a million WordPress websites that use a popular plug-in to optimize their search engine results are at risk of being hacked if they don't apply a newly released patch.

Code name found in Equation group malware suggests link to NSA

As security researchers continue to analyze malware used by a sophisticated espionage group dubbed the Equation, more clues surface that point to the U.S. National Security Agency being behind it.

Windows PCs remained vulnerable to Stuxnet-like LNK attacks after 2010 patch

If you patched your Windows computers in 2010 against the LNK exploit used by Stuxnet and thought you were safe, researchers from Hewlett-Packard have some bad news for you: Microsoft's fix was flawed.

Snowden docs show CIA's attempts to defeat Apple device security

Researchers sponsored by the U.S. government have reportedly tried to defeat the encryption and security of Apple devices for years.

Tool allows account hijacking on sites that use Facebook Login

A new tool allows hackers to generate URLs that can hijack accounts on sites that use Facebook Login, potentially enabling powerful phishing attacks.

Cyberespionage arsenal could be tied to French intelligence agencies

A collection of computer Trojans that have been used since 2009 to steal data from government agencies, military contractors, media organizations and other companies is tied to cyberespionage malware possibly created by French intelligence agencies.

Windows systems are also vulnerable to FREAK attacks

A cryptographic library used in all Windows versions is affected by a recently disclosed vulnerability in SSL/TLS implementations that allows man-in-the-middle attackers to force clients and servers to use weak encryption. Internet Explorer and other programs using the library are affected.

Police arrest man in UK over US Defense Department network intrusion

British law enforcement agencies arrested a 23-year-old man suspected of being involved in a hacking attack last year against a satellite communications system operated by the U.S. Department of Defense.

Adobe invites help hunting vulnerabilities in its online services

Adobe Systems launched a new program that encourages security researchers to find and report vulnerabilities in the company's websites and other online services.